Sunday July 03, 2016

Zero-Day Exploit Bypasses Windows Security Features, Affects Lenovo ThinkPads

The exploit, dubbed "ThinkPwn", can disable Secure Boot and Windows security features, including Credential Guard, which is used to keep enterprise domain credentials secure. The flaw was discovered in a UEFI driver and lets an attacker run code of their choosing in a privileged operating mode of the CPU.

Lenovo says that the affected code is not in its own UEFI file, but in one provided by an independent BIOS vendor (IBV). The extent of the security concern is not yet known. At the moment, the exploit is only known to affect Lenovo ThinkPad machines, but it is a real possibility that other vendors and PC manufacturers are also affected. Lenovo itself says the issue could be "industry-wide". The only slight positive in all of this is that attacking a machine requires physical access to it, as the UEFI can only be accessed physically, and a USB flash drive.